#!/bin/bash

set -eu

. ./env.sh

services=("$CONTAINER_PREFIX-$CONTAINER_SERVICE.service"
    "$CONTAINER_PREFIX-$CONTAINER_DB.service"
)

for service in "${services[@]}"; do
    if systemctl --user list-units --full --all | grep -q "$service"; then
        echo "Stopping $service..."
        systemctl --user stop $service
        echo "$service stopped."
    fi
done
containers=(
    "$CONTAINER_SERVER"
    "$CONTAINER_DB"
)
for container in "${containers[@]}"; do
  if podman container exists "$container"; then
    echo "Stop and delete existing container $container"
    if podman inspect -f '{{.State.Running}}' "$container" | grep -q true; then
      podman stop "$container"
    fi
    podman rm "$container"
  fi
done

mkdir -p "$APP_ROOT"
mkdir -p "$DB_DIR"
if ! podman network exists "$NETWORK_NAME"; then
  podman network create "$NETWORK_NAME"
fi

podman create \
  --name "$CONTAINER_DB" \
  --network "$NETWORK_NAME" \
  --userns=keep-id \
  --restart=always \
  -p "$DB_PORT:5432" \
  -e POSTGRES_USER="$DB_USER" \
  -e POSTGRES_PASSWORD="$DB_PASSWORD" \
  -e POSTGRES_DB="$DB_NAME" \
  -e POSTGRES_HOST_AUTH_METHOD=trust \
  -v "$DB_DIR:/var/lib/postgresql/data:Z" \
  docker.io/library/postgres:16-alpine

podman generate systemd \
  --new \
  --name "$CONTAINER_DB" \
  --files --restart-policy always --container-prefix="$CONTAINER_PREFIX" > /dev/null

mv "$CONTAINER_PREFIX-$CONTAINER_DB.service" "$USER_SYSTEMD"

systemctl --user daemon-reload
systemctl --user enable --now "$CONTAINER_PREFIX-$CONTAINER_DB.service"

echo "Waiting for database to be ready..."
until podman exec "$CONTAINER_DB" pg_isready -U "$DB_USER" -d "$DB_NAME"; do
  sleep 1
done
echo "Database is ready."

podman create \
  --name "$CONTAINER_SERVER" \
  --network "$NETWORK_NAME" \
  --restart=always \
  -e DB_URL="postgres://$DB_USER:$DB_PASSWORD@$DB_HOST:$DB_PORT/$DB_NAME" \
  -e ORIGIN="https://$DOMAIN" \
  -p "$APP_PORT:3000" \
  docker.io/johly/airtrail:latest

podman generate systemd \
  --new \
  --name "$CONTAINER_SERVER" \
  --files \
  --restart-policy always \
  --container-prefix="$CONTAINER_PREFIX"

sed -i "/^\[Unit\]/a After=$CONTAINER_PREFIX-$CONTAINER_DB.service \nRequires=$CONTAINER_PREFIX-$CONTAINER_DB.service" $CONTAINER_PREFIX-$CONTAINER_SERVICE.service

mv "$CONTAINER_PREFIX-$CONTAINER_SERVER.service" "$USER_SYSTEMD"
systemctl --user daemon-reload
systemctl --user enable --now "$CONTAINER_PREFIX-$CONTAINER_SERVER.service"

sudo loginctl enable-linger "$USER"

# generate haproxy config
sudo mkdir -p $HAPROXY_SERVICE_DIR
echo "crt $SSL_PATH/fullchain.pem" | sudo tee $HAPROXY_SERVICE_DIR/cert.block > /dev/null
ACL_CFG=$(cat <<EOF
acl is_airtrail hdr(host) -i $DOMAIN
use_backend airtrail_backend if is_airtrail
EOF
)
echo "$ACL_CFG" | sudo tee -a $HAPROXY_SERVICE_DIR/acl.block > /dev/null
BACKEND_CFG=$(cat <<EOF
backend airtrail_backend
    mode http
    option httpchk GET /login HTTP/1.1\r\nHost:\ $DOMAIN
    option forwardfor
    option http-server-close

    server airtrailhttp 127.0.0.1:$APP_PORT alpn http/1.1 check
    # === CORS & proxy headers ===
    http-request set-header X-Forwarded-For %[src]
    http-request set-header X-Forwarded-Proto https
    http-request set-header X-Forwarded-Host %[req.hdr(Host)]
    http-request set-header X-Real-IP %[src]

    # === WebSocket support ===
    http-request set-header Connection "upgrade" if { req.hdr(Upgrade) -i websocket }
    http-request set-header Upgrade "%[req.hdr(Upgrade)]" if { req.hdr(Upgrade) -i websocket }
EOF
)
echo "$BACKEND_CFG" | sudo tee -a $HAPROXY_SERVICE_DIR/backend.block > /dev/null

echo "Deployment completed successfully, run haproxy config to generate the final config file."